8. advances in web engineering


Upload: ivana

Post on 12-Jan-2016


Page 1: 8. Advances in Web Engineering

SWE 444 - Internet & Web Application Development 8.1

8. Advances in Web Engineering

a. SOA

b. Security for e-Commerce

Page 2: 8. Advances in Web Engineering


Introduction to SOA Environments

by Dennis Smith and Grace Lewis, Software Engineering Institute

Page 3: 8. Advances in Web Engineering


What is SOA?

Service-oriented architecture is a way of designing systems that enables
• Cost-efficiency
• Agility
• Adaptability
• Leverage of legacy investments

Page 4: 8. Advances in Web Engineering


Services

Services are reusable components that represent business tasks.
• Customer lookup
• Account lookup
• Credit card validation
• Credit check
• Hotel reservation
• Interest calculation

Services can be
• Globally distributed across organizations
• Reconfigured into new business processes

Page 5: 8. Advances in Web Engineering


Services and Cost-Efficiency

[Diagram labels: Order Processing Application (Customer Lookup - 1), Invoicing Application (Customer Lookup - 2), CRM Application (Customer Lookup - 3), Customer Lookup Service]

A service with equivalent functionality can be implemented and used by all three applications

Page 6: 8. Advances in Web Engineering


Services and Agility

[Diagram labels: Order Processing Application, Customer Lookup Service, Credit Check Service, Item Lookup Service, Inventory Check Service, Course Management Application, Room Availability Service]

The new application can easily use available services.

New services can be used by other applications as well.

Page 7: 8. Advances in Web Engineering


Services and Adaptability

[Diagram labels: Order Processing Application, Customer Lookup Service, Credit Check Service, Item Lookup Service, Inventory Check Service, SOA Infrastructure]

The SOA Infrastructure provides a standard communication mechanism between applications and services.

Changes in services have potentially no impact on existing applications that use them.

Page 8: 8. Advances in Web Engineering


Services and Legacy Leverage

[Diagram labels: Order Processing Application, Customer Lookup Service, Credit Check Service, Item Lookup Service, Inventory Check Service, SOA Infrastructure, Customer Management System, Manufacturing System]

The applications access the services in a standard way.

It is the service’s task to invoke the legacy system.

Legacy platform diversity and complexity is transparent to the application.

Page 9: 8. Advances in Web Engineering

Components of an SOA-Based System

[Diagram labels: Application X, Application Y, Application Z, Service A, Service B, Service C, Service D, SOA Infrastructure, Discovery, Security, Development Tools, Enterprise Information System, External System, Internal Users, Internet, Legacy or New Code]

Page 10: 8. Advances in Web Engineering


In Summary …

SOA is an approach to software development where
• Services provide reusable functionality with well-defined interfaces.
• An SOA infrastructure enables discovery, composition and invocation of services.
• Applications are built using functionality from available services.

If managed well, SOA adoption can lead to
• Cost-efficiency
• Agility
• Adaptability
• Leverage of legacy investments

The hard part is the “if managed well”.

Page 11: 8. Advances in Web Engineering


An SOA Provides The Complete Architecture For A System

SOA is an architectural pattern/style/paradigm and not the architecture of the system itself.

An architectural pattern provides guidance that embodies best practices.
• The concrete elements and their interactions are the architecture of the system.

Any number of systems can be developed based on an architectural pattern.
• An architecture based on SOA inherits both the good and the bad.

Corollary: SOA cannot be bought off-the-shelf.
• System qualities have to be built into the architecture of the system.
• Decisions have to be made: service design and implementation, technologies, tradeoffs.

Page 12: 8. Advances in Web Engineering


Using XML and WSDL Guarantees Interoperability Among Web Services Provided by Multiple Organizations

Web Services enable syntactic interoperability
• XML Schema defines structure and data types
• WSDL defines the interfaces: operations, parameters and return values

Web Services do not guarantee semantic interoperability
• XML and WSDL do not define the meaning of data
• WSDL does not define what a service does
• How to describe the meaning of Web Service inputs and outputs in a formal manner
  - Active research area; unresolved issues

Interoperability needs agreement on both syntax and semantics

Page 13: 8. Advances in Web Engineering


It Is Easy To Develop Applications Based on Services

It is relatively easy to build services to work with a particular infrastructure … but designing a “good” service might not be that easy.

• From an implementation standpoint
  - Ease depends on tool availability for SOA infrastructure
    – There is plenty of guidance and excellent tool support to implement, deploy, and manage services for Web Services
  - Most difficult part is composition (data mismatches)
• From a design standpoint
  - Designing a service interface in a way that it can be used easily in many contexts is a much harder task.
    – Not many best practices for designing services
  - Have to anticipate potential users and usage patterns

Page 14: 8. Advances in Web Engineering


It is Easy to Compose Services Dynamically at Runtime

Current technologies have not advanced to the point that this is possible in production environments.

Requires the use of a common ontology by service providers and client applications within a domain

Requires the construction of extremely intelligent applications that
• Construct the right queries for the discovery of services
• Compose services when there is not a single service that can process the request
• Provide the right data to invoke a service that was discovered at runtime

Page 15: 8. Advances in Web Engineering


Web Services

Web services is one mechanism for implementing an SOA-based system.

• Service interfaces are described using Web Services Description Language (WSDL)

• Data is transmitted using SOAP over HTTP

• UDDI is optionally used as the directory service

Because it is the most common mechanism, it is often equated to SOA.

Page 16: 8. Advances in Web Engineering


Web Service Protocol Stack

The highlighted standards are the most commonly used

Most Web Service standards are emerging and even competing

Security, QoS, Transactions, and Management have to be addressed in all layers

[Diagram: Web Service protocol stack]

Base Stack
• Discovery: UDDI
• Description: WSDL
• Message Format: SOAP
• Encoding: XML
• Transport: HTTP

Orchestration and Choreography
• WSCL, WSCI, BPEL4WS, WS-Coordination
• BPML, BPSS

Vertical labels spanning the stack: Security, Management, Transactions, Quality of Service

Adapted from “XML and Web Services Unleashed”, SAMS Publishing

Page 17: 8. Advances in Web Engineering


Web Services At Design Time

Alice obtains the WSDL corresponding to Bob’s web service

Alice runs the WSDL document through tools that generate all the necessary message construction code (e.g. WSDL2Java)

Bob exposes functionality in a system as a service (or creates a specific service) and places a WSDL document in an “accessible place”

Alice adds code to her application that executes the message construction code to connect to Bob’s web service and any additional code that uses the response obtained from Bob’s web service

Page 18: 8. Advances in Web Engineering


Web Services At Run Time

1. User executes Alice’s application
2. Application builds a SOAP message and sends it to Bob’s service via HTTP
3. When Bob’s HTTP server sees a SOAP message it sends it to the SOAP engine
4. SOAP engine parses the message and constructs the call to Bob’s system
5. Bob’s system executes the invoked operation
6. Bob’s system returns operation results
7. SOAP engine builds response message and returns it via HTTP
8. Alice’s application interprets response and displays results to the user.

[Diagram labels: User at Alice’s Application, HTTP Server, Bob’s System; HTTP Request, Call, Return, HTTP Response]
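The run-time steps above, sketched as an added example that is not part of the original slides: both sides of the exchange, without the HTTP hop. The service namespace, the `getPendingOrders` binding, the parameter name `customerId` and the order data are assumptions made for the sketch. The SOAP engine only dispatches to operations it has been told are exposed, and it rejects messages that carry a DTD.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
SVC_NS = "urn:example:bob-orders"                      # assumed namespace for Bob's service


def get_pending_orders(customer_id):
    """Stand-in for Bob's system (steps 5-6); the order data is constructed."""
    return {"C-1001": ["PO-17", "PO-18"]}.get(customer_id, [])


# Operations Bob has chosen to expose, with the parameters each one accepts.
EXPOSED = {"getPendingOrders": (get_pending_orders, ("customerId",))}


def _envelope():
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    return env, ET.SubElement(env, f"{{{SOAP_NS}}}Body")


def build_request(operation, **params):
    """Step 2: Alice's application builds the SOAP message."""
    env, body = _envelope()
    call = ET.SubElement(body, f"{{{SVC_NS}}}{operation}")
    for name, value in params.items():
        ET.SubElement(call, name).text = str(value)
    return ET.tostring(env, encoding="utf-8")


def build_fault(reason):
    """Error reply: a SOAP Fault carrying a human-readable reason."""
    env, body = _envelope()
    fault = ET.SubElement(body, f"{{{SOAP_NS}}}Fault")
    ET.SubElement(fault, "faultcode").text = "Client"
    ET.SubElement(fault, "faultstring").text = reason
    return ET.tostring(env, encoding="utf-8")


def soap_engine(request):
    """Steps 4-7: parse the message, make the call, build the response."""
    if b"<!DOCTYPE" in request:          # SOAP messages must not carry a DTD
        return build_fault("DTD not allowed")
    try:
        env = ET.fromstring(request)
    except ET.ParseError:
        return build_fault("malformed XML")
    body = env.find(f"{{{SOAP_NS}}}Body")
    if env.tag != f"{{{SOAP_NS}}}Envelope" or body is None or len(body) != 1:
        return build_fault("expected one call in a SOAP Body")
    call = body[0]
    namespace, _, operation = call.tag.rpartition("}")
    entry = EXPOSED.get(operation) if namespace == "{" + SVC_NS else None
    if entry is None:                    # never dispatch on an unlisted name
        return build_fault("unknown operation")
    handler, param_names = entry
    args = [call.findtext(name) for name in param_names]
    if None in args or len(call) != len(param_names):
        return build_fault("bad parameters")
    result = handler(*args)              # steps 5-6: Bob's system runs the operation
    env, body = _envelope()
    reply = ET.SubElement(body, f"{{{SVC_NS}}}{operation}Response")
    for order_id in result:
        ET.SubElement(reply, "order").text = order_id
    return ET.tostring(env, encoding="utf-8")


def parse_response(response):
    """Step 8: Alice's application interprets the response."""
    body = ET.fromstring(response).find(f"{{{SOAP_NS}}}Body")
    fault = body.find(f"{{{SOAP_NS}}}Fault")
    if fault is not None:
        raise RuntimeError(fault.findtext("faultstring"))
    return [order.text for order in body[0].findall("order")]


def call_service(operation, **params):
    """Steps 2-8 without the HTTP hop: request bytes in, parsed result out."""
    return parse_response(soap_engine(build_request(operation, **params)))


if __name__ == "__main__":
    print(call_service("getPendingOrders", customerId="C-1001"))
```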

Page 19: 8. Advances in Web Engineering


Static vs. Dynamic

With today’s technology, discovery and composition of services are done at design time: Static
• Developer discovers services and obtains addresses
• Developer writes code to invoke the services located at these addresses

There is a great amount of research to enable discovery and composition at runtime: Dynamic
• Application discovers services and obtains addresses
• Application contains code to invoke the discovered services and “knows” what information to provide

There are a lot of “In-Between” techniques
• Application discovers services but requires user intervention to select services and provide the required information
• Portals are configured such that “portlets” correspond to services

Page 20: 8. Advances in Web Engineering


In Summary …

Web Services are currently the most used approach to SOA implementation.
• Basic infrastructure standards are fairly stable
• More higher-level standards are emerging

Web Services are not the only approach to SOA implementation.

Page 21: 8. Advances in Web Engineering


Components of an SOA-Based System

1. Services

2. Applications

3. SOA Infrastructure

Page 22: 8. Advances in Web Engineering


Our Scenario: SOA-Based System Components

[Diagram labels: Order Management System, Financial System, Organization 1, Organization 2, Credit Card Validation System, SOA Infrastructure, Order Processing Application, CRM Application, Shipping System FedEx, Shipping System UPS, Shipping System DHL, Order Placement Application, Customer Organization, Internet]

Page 23: 8. Advances in Web Engineering


Distribution of SOA-Based System Development

[Diagram: spectrum from Single Organization to Multiple Organizations, with labels Organizational ESB, Incorporation of Map Data, “Just-In-Time” Inventory Management, Software as a Service, Net-Centric Operations]

On the left side of the spectrum all three types of components are developed within the same organization.

On the right side of the spectrum each type of component is developed by a different organization.

There are many possibilities in between.

As you move to the right, the challenges are greater.

Page 24: 8. Advances in Web Engineering


Application Developers 1

Focus on the discovery, composition and invocation of services, either statically at design time or dynamically at run time

Page 25: 8. Advances in Web Engineering


Application Developers 2

[Diagram labels: Order Management System, Financial System, Organization 1, Organization 2, Credit Card Validation System, SOA Infrastructure, Order Processing Application, CRM Application, Shipping System FedEx, Shipping System UPS, Shipping System DHL, Order Placement Application, Customer Organization, Internet]

Application Developer needs to create a new application using the SOA approach

1. Identify appropriate services (both internal and external) that can be reused
2. Understand the interfaces in terms of the functionality and QoS provided by them
3. Create the new system using as many existing services as possible
4. The application needs to be architected in such a way that it can easily accommodate changes in service interfaces … as well as if it needs to become a service provider itself

Page 26: 8. Advances in Web Engineering


Tasks for Application Developers

Understand the SOA infrastructure

Discover appropriate services to be incorporated into applications

Retrieve service description documentation

Invoke the identified services in applications
• Data conversions
• Error handling
• Availability handling

Test the services for correctness in the context of the application being developed

Page 27: 8. Advances in Web Engineering


Service Developers

Focus on the description and granularity of services so that applications can easily locate and use them with acceptable Quality of Service (QoS)

Page 28: 8. Advances in Web Engineering


Service Developers

[Diagram labels: Order Management System, Financial System, Organization 1, Organization 2, Credit Card Validation System, SOA Infrastructure, Order Processing Application, CRM Application, Shipping System FedEx, Shipping System UPS, Shipping System DHL, Internet]

1. Identify what existing business functionality can be exposed/reused as services
2. Analyze service interface, functionality and QoS requirements for new consumer systems
3. Anticipate requirements for future consumer systems and architect services in a scalable fashion
4. Design, create and publish services to internal and external organizations

Page 29: 8. Advances in Web Engineering


Tasks for Service Developers

Understand requirements of potential service users

Understand SOA infrastructure

Develop code that receives the service request, translates it into calls into new or existing systems, and produces a response

Describe and publish the service

Develop service initialization code and operational procedures
• Service-Level Agreements (SLAs) are a topic of current interest among service providers.

Page 30: 8. Advances in Web Engineering


Infrastructure Developers

Focus on providing a stable infrastructure
• Standards
• Common services
• Development tools

NOTE: The Enterprise Service Bus (ESB) is an example of an infrastructure designed to support the SOA paradigm.

Page 31: 8. Advances in Web Engineering


Infrastructure Developers 2

[Diagram labels: Order Management System, Financial System, Organization 1, Organization 2, Credit Card Validation System, SOA Infrastructure, Order Processing Application, CRM Application, Shipping System FedEx, Shipping System UPS, Shipping System DHL, Internet, Discovery, Security, Development Tools, Service Registry]

There are common services that are used by all applications

Infrastructure developers have to design, create and maintain these common services for both internal and external use (if required)

Page 32: 8. Advances in Web Engineering


Tasks for Infrastructure Developers

Selection of standards to implement as part of the infrastructure

Development of a set of common infrastructure services for discovery, communication, security, etc.

Identification and development of binding mechanisms to satisfy the largest set of potential service users

Provision of tools for application and service developers

Documentation and support for the infrastructure

Page 33: 8. Advances in Web Engineering


The Potential Problem

If the three types of components are developed within the same organization, the challenges are less.
• Simpler communication between developers (or might even be the same developers)

However, it is becoming increasingly common for these three types of components to be developed independently by separate organizations.
• Decisions made locally by any one of these development groups can have an effect on the other groups.

Page 34: 8. Advances in Web Engineering


Sample Consequences of Decisions: Service Granularity 1

The granularity of service interfaces can affect the end-to-end performance of an SoS because services are executed across a network as an exchange of a service request and a service response.

• If service interfaces are too coarse-grained, clients will receive more data than they need in their response message.

• If service interfaces are too fine-grained, clients will have to make multiple trips to the service to get all the data they need.

Page 35: 8. Advances in Web Engineering


Sample Consequences of Decisions: Service Granularity 2

Order Management System

The Order Management System can expose the business functionality of getting all the customer information in one call

[Basic Info, Order History, Pending Orders] getCustomerInfo( CustomerId )

Or the service can be more granular and provide three different operations for each type of information

CustInfo getCustBasicInfo( CustomerId )
OrderHistory getOrderHistory( CustomerId )
Order[] getPendingOrders( CustomerId )

Page 36: 8. Advances in Web Engineering


Sample Consequences of Decisions: Requirements 1

If service developers do not understand functionality and QoS needs of potential users of services, they might end up developing and deploying services that are never used

Page 37: 8. Advances in Web Engineering


In Summary …

SOA-based systems are about more than just technology.

SOA-based systems development requires

1. Strategic approach to SOA implementation
   • Alignment with business goals
2. SOA governance
   • Policies, coordination and guidance for SOA infrastructure providers, service providers, and application developers
3. Realistic technology evaluation
   • Context-based technology evaluations
4. Change of mindset
   • Different development and implementation approach

Page 38: 8. Advances in Web Engineering

Security for e-Commerce

Page 39: 8. Advances in Web Engineering

Definition of e-Commerce

E-commerce involves digitally enabled commercial transactions between and among organizations and individuals

Digitally enabled transactions include all transactions mediated by digital technology

Commercial transactions involve the exchange of value across organizational or individual boundaries in return for products or services

e-Commerce vs. e-Business
• E-Commerce: direct financial electronic transaction (e.g., ordering a book on Amazon.com)
• E-Business: use of the Internet and the Web to better support any current manner of doing business.

Page 40: 8. Advances in Web Engineering

Seven Unique Features of e-Commerce

Is ubiquitous (available everywhere, all the time)

Offers global reach (across cultural/national boundaries)

Operates according to universal standards (lowers market entry for merchants and search costs for consumers)

Provides information richness (more powerful selling environment)

Is interactive (can simulate face-to-face experience, but on global scale)

Increases information density (amount and quality of information available to all market participants)

Permits personalization/customization

Page 41: 8. Advances in Web Engineering

Types of e-Commerce

Classified by nature of market relationship
• Business-to-Consumer (B2C)
• Business-to-Business (B2B)
• Consumer-to-Consumer (C2C)

Classified by type of technology used
• Peer-to-Peer (P2P)
• Mobile commerce (M-commerce)

Page 42: 8. Advances in Web Engineering

Advantages

Quick

Easy

Time Saver

Variety of choices

Comparison

Page 43: 8. Advances in Web Engineering

Disadvantages

Security --- very important

Speed of internet access

Malfunction of website

Physically touching the product

Shipping and handling

Who to deal with when customer is not satisfied

Page 44: 8. Advances in Web Engineering

Dimensions of e-Commerce Security

Integrity: ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party

Nonrepudiation: ability to ensure that e-commerce participants do not deny (repudiate) online actions

Authenticity: ability to identify the identity of a person or entity with whom you are dealing on the Internet

Confidentiality: ability to ensure that messages and data are available only to those authorized to view them

Privacy: ability to control use of information a customer provides about himself or herself to merchant

Availability: ability to ensure that an e-commerce site continues to function as intended

Page 45: 8. Advances in Web Engineering

Dimensions of e-Commerce Security

Page 46: 8. Advances in Web Engineering

Security Threats in the e-Commerce Environment

Three key points of vulnerability:
• Client
• Server
• Communications channel

Most common threats:
• Malicious code
• Hacking and cybervandalism
• Credit card fraud/theft
• Spoofing
• Denial of service attacks
• Sniffing
• Insider jobs

Page 47: 8. Advances in Web Engineering

A Typical E-commerce Transaction

Page 48: 8. Advances in Web Engineering

Vulnerable Points in an e-Commerce Environment

Page 49: 8. Advances in Web Engineering

Technology Solutions

Protecting Internet communications (encryption)

Securing channels of communication (SSL, S-HTTP, VPNs)

Protecting networks (firewalls)

Protecting servers and clients

Page 50: 8. Advances in Web Engineering

Protecting Internet Communications: Encryption

Encryption: The process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver

Purpose:
• Secure stored information
• Secure information transmission

Provides:
• Message integrity
• Nonrepudiation
• Authentication
• Confidentiality

Page 51: 8. Advances in Web Engineering

Cryptography

Cryptography is the science or study of secret writing (cipher texts)
• Basic idea: convert clear text (also called plain text – the original message) to ciphertext (the encrypted message)

Three Main Categories
• Secret Key (Symmetric Encryption)
  - single key is used to encrypt and decrypt information
• Public/Private Key (Asymmetric Encryption)
  - two keys are used: one for encryption (public key) and one for decryption (private key)
• One-way Function
  - information is encrypted to produce a “digest” of the original information that can be used later to prove its authenticity

Page 52: 8. Advances in Web Engineering

Symmetric Key Encryption

Also known as secret key encryption

Both the sender and receiver use the same digital key to encrypt and decrypt message

Requires a different set of keys for each transaction

Data Encryption Standard (DES): Most widely used symmetric key encryption today; uses 56-bit encryption key; other types use 128-bit keys up through 2048 bits

Other known symmetrical algorithms
• Triple DES, DESX, GDES, RDES
  - 168 bit key
• RC2, RC4, RC5
  - variable length up to 2048 bits
• IDEA - basis of PGP
  - 128 bit key
• Blowfish
  - variable length up to 448 bits

Page 53: 8. Advances in Web Engineering

Symmetric Key Encryption (Secret Key)

Strength of encryption technique depends on key length

Advantages: fast, ciphertext secure

Disadvantages: must distribute key in advance, key must not be revealed

Page 54: 8. Advances in Web Engineering

Simple Secret-Key Example

P = “abra” which has the binary representation:
01100001011000100011100101100001

Choose a random string of bits as the key
10011101010010001111010101011100

Can use a simple XOR of the binary to get C
11111100001010101000011100111101

To get P back, use the same algorithm and key
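The XOR scheme above, worked through as an added example that is not part of the original slides. It takes the ASCII bytes of “abra” and the slide's key, reproduces the slide's C, and then shows why the earlier slide asks for a different key per transaction: when one key encrypts two messages, XORing the two ciphertexts cancels the key. The second message “cafe” is constructed for the illustration.

```python
KEY_BITS = "10011101010010001111010101011100"   # the slide's random key
KEY = int(KEY_BITS, 2).to_bytes(len(KEY_BITS) // 8, "big")


def xor_bytes(data, key):
    """XOR data with key; encryption and decryption are the same operation."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def to_bits(data):
    """Render bytes as a bit string, the notation used on the slide."""
    return "".join(f"{byte:08b}" for byte in data)


def key_reuse_leak(c1, c2):
    """XOR of two ciphertexts made with one key: the key cancels out,
    leaving plaintext1 XOR plaintext2 with no key material involved."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def demo():
    c1 = xor_bytes(b"abra", KEY)      # the slide's message
    c2 = xor_bytes(b"cafe", KEY)      # constructed second message, same key
    leak = key_reuse_leak(c1, c2)
    return {
        "C": to_bits(c1),
        "P_again": xor_bytes(c1, KEY),
        "leak_equals_p1_xor_p2": leak == xor_bytes(b"abra", b"cafe"),
        # Anyone who knows or guesses one plaintext reads the other.
        "p2_from_known_p1": xor_bytes(leak, b"abra"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```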

Page 55: 8. Advances in Web Engineering

Data Encryption Standard

The algorithm for the Data Encryption Standard (DES) was developed by IBM in the early 1970s

DES uses a 56-bit key
• The key uses 7 bits of eight 8-bit bytes (the 8th bit of each byte is used for parity)

DES is a block cipher that operates on one 64-bit block of plaintext at a time

There are 16 rounds of encryption in DES, where each round uses a different subkey

Page 56: 8. Advances in Web Engineering

DES Block Diagram

Page 57: 8. Advances in Web Engineering

Public Key Encryption

Probably most significant advance in the 3000 year history of cryptography

Public key cryptography solves symmetric key encryption problem of having to exchange secret key

Uses two mathematically related digital keys – public key (widely disseminated) and private key (kept secret by owner)

Both keys are used to encrypt and decrypt message

Once key is used to encrypt message, same key cannot be used to decrypt message

For example, sender uses recipient’s public key to encrypt message; recipient uses his/her private key to decrypt it

Most common algorithm is the RSA algorithm with key lengths from 512 to 1024 bits

Page 58: 8. Advances in Web Engineering

Public Key Encryption (Asymmetric Encryption)

Advantages: public key widely distributable, does digital signatures

Disadvantages: slow (RSA is about 1500 times slower than DES), key distribution

Page 59: 8. Advances in Web Engineering

RSA

by Rivest, Shamir & Adleman of MIT in 1977

The security of RSA is based on the difficulty of factoring large numbers

The basic algorithm for confidentiality is very simple:
• ciphertext = (plaintext)^e mod n
• plaintext = (ciphertext)^d mod n
• private key = {d, n}
• public key = {e, n}

The difficulty in calculating d given e and n provides the security

Page 60: 8. Advances in Web Engineering

Generating RSA keys

To generate an RSA key pair, follow these steps:
• Choose two prime numbers p and q and keep them secret
• Calculate n = p x q
• Calculate φ(n) = (p - 1)(q - 1)
• Select e such that e is relatively prime to φ(n)
  - gcd(φ(n), e) = 1; 1 < e < φ(n)
• Calculate d = e^(-1) mod φ(n)
• Public Key KU = {e, n}
• Private Key KR = {d, n}

Page 61: 8. Advances in Web Engineering

Example of RSA Algorithm

[Figure 9.6: Example of RSA Algorithm]
• Encryption: plaintext 88; 88^7 mod 187 = 11; ciphertext 11; KU = 7, 187
• Decryption: ciphertext 11; 11^23 mod 187 = 88; plaintext 88; KR = 23, 187
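The key-generation steps and the worked figure above, as an added example that is not part of the original slides. It assumes p = 17 and q = 11 (the factors of the slide's n = 187); the function names are hypothetical, and `recover_private_key` shows that d follows directly from e and n once n can be factored.

```python
from math import gcd, isqrt

def generate_keypair(p, q, e):
    """Slide steps: n = p x q, phi(n) = (p - 1)(q - 1), d = e^-1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not (1 < e < phi) or gcd(phi, e) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(phi(n), e) = 1")
    d = pow(e, -1, phi)      # modular inverse (Python 3.8+)
    return (e, n), (d, n)    # KU, KR

def encrypt(plaintext, public_key):
    e, n = public_key
    if not 0 <= plaintext < n:
        raise ValueError("plaintext must be smaller than n")
    return pow(plaintext, e, n)

def decrypt(ciphertext, private_key):
    d, n = private_key
    return pow(ciphertext, d, n)

def recover_private_key(public_key):
    """Derive KR from KU alone by factoring n with trial division.

    This works only because n is tiny; large primes are what make
    this step impractical for real keys.
    """
    e, n = public_key
    p = next(c for c in range(2, isqrt(n) + 1) if n % c == 0)
    q = n // p
    return (pow(e, -1, (p - 1) * (q - 1)), n)

if __name__ == "__main__":
    KU, KR = generate_keypair(17, 11, 7)   # assumed p, q for n = 187
    c = encrypt(88, KU)
    print(KU, KR, c, decrypt(c, KR), recover_private_key(KU))
```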

Page 62: 8. Advances in Web Engineering

One-Way Function

non-reversible “quick” encryption

produces a fixed length value called a hash or message digest

used to authenticate contents of a message

Common message digest functions
• MD4 and MD5: produce 128 bit hashes
• SHA: produces 160 bit hashes

Page 63: 8. Advances in Web Engineering

Structure of MD4, MD5, and SHA

Pad message to a multiple of 512 bits:

Compute digest of padded message in 512-bit chunks:

Page 64: 8. Advances in Web Engineering

Cryptographic Services Allow

Digital Signatures
• sign messages to validate source and integrity of the contents

Message Digests
• short bit string hash of message

Digital Envelopes
• secure delivery of secret keys

Certificates (Digital IDs)
• used to authenticate: users, web sites, public keys of public/private pair, and information in general

Secure Channels
• encryption can be used to create secure channels over private or public networks

Page 65: 8. Advances in Web Engineering

Digital Signatures

Digital Signature
• Encrypt sender’s identity string with sender’s private key
• Concatenate the encrypted text and the identity string together
• Encrypt this message with receiver’s public key to create message
• Receiver decrypts the encrypted text with their private key
• The cipher text portion of the message is decrypted with sender’s public key
• The decrypted text can be compared with the normal text to check its integrity

Page 66: 8. Advances in Web Engineering

Message Digests

How to create and use a message digest
• sender uses message as input to digest function
• “sign” (encrypt) output (hash) with sender’s private key
• send signed hash and original message (in plain text) to receiver
• receiver decrypts hash with sender’s public key
• receiver runs plain text message through digest function to obtain a hash
• if receiver’s decrypted hash and computed hash match then message valid

Page 67: 8. Advances in Web Engineering

[Figure: signing and verifying with a message digest]
• Originator: Message → Hash Function → Digest → Encrypt (Private Key) → Signature
• Transmitted Message: Message + Signature
• Recipient: Message → Hash Function → Actual Digest; Signature → Decrypt (Public Key) → Expected Digest

If actual and expected match, the signature is verified

Page 68: 8. Advances in Web Engineering

Digital Envelope

Public/Private key encryption/decryption useful for internet

Addresses weaknesses of public key encryption (computationally slow, decreases transmission speed, increases processing time)

Uses symmetric key encryption to encrypt document but public key encryption to encrypt and send symmetric key
• sender creates and uses symmetric (session) key to create cipher text
• sender uses receiver’s public key to encrypt the symmetric key - digital envelope
• sender transmits both cipher text and digital envelope to receiver

Page 69: 8. Advances in Web Engineering

Understand Key Management

Key management is one of the most critical aspects of an encryption system

It includes creating strong keys, distributing them securely, certifying them, protecting them while in use, and revoking them when they are compromised or expired

Keys must be transported securely to ensure the integrity of the keys

If keys are transmitted, they must be checked on arrival to ensure they have not been manipulated (usually done manually or by digital signatures)

Certificate Authorities (CAs) ensure the integrity of the keys and prevent an attacker from introducing their own keys

Page 70: 8. Advances in Web Engineering

Digital Certificates

Certificate Authorities (CAs) ensure the integrity of the keys and prevent an attacker from introducing their own keys

Public keys require integrity protection (provided by certification), but they do not require confidentiality protection. However, all copies of the private key of a public key system must be protected at all times

Certification Authorities (CA)
• used to distribute the public key of a public/private pair
• guarantees the validity of the public key
  - does this by verifying the credentials of the entity associated with the public key
• Some Cases
  - VeriSign - http://www.verisign.com
  - Entrust - http://www.entrust.com

Public key pairs are generally certified for one or two years
• Session keys may only exist for a given session and may be deleted after the session

Page 71: 8. Advances in Web Engineering

… Digital Certificates

Process to create Digital Certificate
• User generates public/private pair
• User creates and sends a certificate request to his choice of CA
  - contains: identifying information and user’s public key
  - Like Server, company, location, state, country and also the documents proving identity
• CA confirms the accuracy of the information submitted
• CA creates a certificate containing user’s public key and information
• CA creates message digest from certificate and signs it with CA’s private key
• This is a signed certificate
• The certificate is sent to the subscriber and also a copy of it may be submitted to the certificate repository, such as a directory service for publication

Page 72: 8. Advances in Web Engineering

… Digital Certificates

Using a Digital Certificate
• before sending a secure message sender requests a signed certificate from receiver
• sender decrypts signed certificate with CA’s known public key to obtain message digest of info and public key provided to CA by receiver
• sender creates a message digest of public key and info provided by the receiver for sender’s use
• sender compares the message digests
• if they match then receiver is validated

Page 73: 8. Advances in Web Engineering

Digital Certificate Verification

Do I trust the CA? (Is it in my list of trusted root certification authorities?)

Is the certificate genuine?
• Look up the CA’s public key; use it to decrypt the signature
• Compute the certificate’s hash; compare with decrypted sig

Is the holder genuine? This requires a challenge

If the holder is genuine, he must know the private key corresponding to the public key in the certificate

Having the certificate is not enough. (They are exchanged over the Internet all the time)

Send him a nonce (random 128-bit number)

Page 74: 8. Advances in Web Engineering

Challenge by Nonce

If you’re really Mr. X, you must know his private key

So please encrypt this nonce: “A87B1003 9F60EA46 71A837BC 1E07B371”

When the answer comes back, decrypt it using the public key in the certificate

If the result matches, the remote user knew the correct private key

Never use the same nonce twice
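The signed message digest, the certificate check and the nonce challenge from the preceding slides, as one added example that is not part of the original slides. It assumes textbook RSA without padding, constructed toy keys built from Mersenne primes, and SHA-256 as the digest function; all function and class names are hypothetical.

```python
import hashlib
import secrets

E = 65537

def make_key(p, q):
    """Textbook RSA key from two primes (no padding; illustration only)."""
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

# Constructed toy keys built from Mersenne primes; not secure.
CA_KEY = make_key(2**521 - 1, 2**607 - 1)
HOLDER_KEY = make_key(2**89 - 1, 2**107 - 1)

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def cert_body(cert):
    return f"{cert['name']}|{cert['n']}|{cert['e']}".encode()

def issue_certificate(name, holder_key, ca_key):
    """CA signs the digest of the holder's name and public key."""
    cert = {"name": name, "n": holder_key["n"], "e": holder_key["e"]}
    cert["sig"] = pow(digest(cert_body(cert)), ca_key["d"], ca_key["n"])
    return cert

def certificate_is_genuine(cert, ca_n, ca_e):
    expected = pow(cert["sig"], ca_e, ca_n)  # decrypt signature with CA public key
    actual = digest(cert_body(cert))         # recompute the certificate's hash
    return expected == actual

def answer_challenge(nonce, key):
    """Holder 'encrypts' the nonce with the private key."""
    return pow(nonce, key["d"], key["n"])

class Challenger:
    """Issues 128-bit nonces and accepts each one at most once."""

    def __init__(self):
        self.outstanding = set()

    def new_nonce(self):
        nonce = secrets.randbits(128)
        self.outstanding.add(nonce)
        return nonce

    def holder_is_genuine(self, cert, nonce, answer):
        if nonce not in self.outstanding:    # never issued, or already used
            return False
        self.outstanding.discard(nonce)
        # decrypt the answer with the public key in the certificate
        return pow(answer, cert["e"], cert["n"]) == nonce
```

A copied certificate passes `certificate_is_genuine` but fails the challenge, because the answer can only be produced with the matching private key.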

Page 75: 8. Advances in Web Engineering

Types of Digital Certificates

site certificates
• used to authenticate web servers

personal certificates
• used to authenticate individual users

software publishers certificates
• used to authenticate executables

CA certificates
• used to authenticate CA’s public keys

All certificates have the common format standard of X.509v3

Page 76: 8. Advances in Web Engineering

Digital Certificate Contents

Name of holder

Public key of holder

Name of trusted third party (certificate authority)

DIGITAL SIGNATURE OF CERTIFICATE AUTHORITY

Data on which hash and public-key algorithms have been used

Other business or personal information

Page 77: 8. Advances in Web Engineering

X.509 Version 3 Digital Certificate

[Figure: X.509 version 3 certificate, with callouts]
• VERSION # OF X.509
• UNIQUE # ASSIGNED BY CA
• EXAMPLES: MD5RSA, sha1RSA
• USUALLY A DOMAIN NAME
• EXAMPLES: RSA

Page 78: 8. Advances in Web Engineering

Public Key Infrastructure (PKI)

Digital certificates alone are not enough to establish security
• Need control over certificate issuance and management

PKI: refers to the CAs and digital certificate procedures that are accepted by all parties

Functions of a PKI
• Generate public/private key pairs
• Identify and authenticate key subscribers
• Bind public keys to subscriber by digital certificate
• Issue, maintain, administer, revoke, suspend, reinstate, and renew digital certificates
• Create and manage a public key repository

Page 79: 8. Advances in Web Engineering

Securing Channels of Communication

Secure Sockets Layer (SSL): Most common form of securing channels of communication
• used to establish a secure negotiated session (client-server session in which URL of requested document, along with contents, is encrypted)

S-HTTP: Alternative method
• provides a secure message-oriented communications protocol designed for use in conjunction with HTTP

Virtual Private Networks (VPNs)
• Allow remote users to securely access internal networks via the Internet, using Tunneling Protocol

Page 80: 8. Advances in Web Engineering

Secure Negotiated Sessions Using SSL

Page 81: 8. Advances in Web Engineering

Internet Tunnels

virtual network circuit across the Internet between specified remote sites
• uses an encrypting router that automatically encrypts all traffic that traverses the links of the virtual circuit

Tunneling Protocols
• PPTP by Microsoft - http://www.microsoft.com
• Layer 2 Forwarding (L2F) by Cisco - http://www.cisco.com
• L2TP (combines PPTP and L2F) - http://www.ietf.com

Page 82: 8. Advances in Web Engineering

Secure Sockets Layer

SSL History
• Competitor to S-HTTP
• S-HTTP an extension of HTTP
• General purpose encryption system using symmetric encryption
• S-HTTP only encrypts Web protocols
• Three versions v1.0, v2.0 and v3.0
  - SSL v3.0 implemented in Netscape 3.0 and Internet Explorer 3.0 and higher
  - SSL v3.0 supports Diffie-Hellman anonymous key exchange and Fortezza smart card

Page 83: 8. Advances in Web Engineering

Secure Sockets Layer

SSL Characteristics
• Operates at the TCP/IP transport layer
• Encrypts (decrypts) input from application (transport) layer
• Any program using TCP can be modified to use SSL connections
• SSL connection uses a dedicated TCP/IP socket (e.g. port 443 for https or port 465 for ssmtp)

Page 84: 8. Advances in Web Engineering

Secure Sockets Layer

SSL Characteristics
• SSL is flexible in choice of which symmetric encryption, message digest, and authentication algorithms can be used
• When SSL client makes contact with SSL server they try to pick strongest encryption methods they have in common
• SSL provides built in data compression
  - compress first then encrypt

Page 85: 8. Advances in Web Engineering

Secure Sockets Layer

SSL Characteristics
• When SSL connection established browser-to-server and server-to-browser communications are encrypted. This includes:
  - URL of requested document
  - Contents of the document
  - Contents of browser forms
  - Cookies sent from browser to server
  - Cookies sent from server to browser
  - Contents of HTTP header
• But NOT particular browser to particular server
  - socket addresses not encrypted
  - can use proxy server for privacy

Page 86: 8. Advances in Web Engineering

Secure Sockets Layer

Establishing an SSL Connection
• The client (browser) opens a connection to server port
• Browser sends “client hello” message. Client hello message contains:
  - version of SSL browser uses
  - ciphers and data compression methods it supports
• The Server responds with a “server hello” message. Server hello message contains
  - session id
  - the chosen versions for ciphers and data compression methods

Page 87: 8. Advances in Web Engineering

Secure Sockets Layer

Establishing an SSL Connection (cont.)
• The server sends its certificate
  - used to authenticate server to client
• Optionally the server may request client’s certificate
  - If requested, client will send its certificate of authentication
  - if client has no certificate then connection failure
• Client sends a “ClientKeyExchange” message
  - symmetric session key chosen
  - digital envelope is created using server’s public key and contains the symmetric session key

Page 88: 8. Advances in Web Engineering

Secure Sockets Layer

Establishing an SSL Connection (cont.)
• Optionally, if client authentication is used the client will send a certificate verify message
• Server and client send “ChangeCipherSpec” message indicating they are ready to begin encrypted transmission
• Client and server send “Finished” messages to each other
  - These are a message digest of their entire conversation up to this point
  - If the digests match then messages were received without interference

Page 89: 8. Advances in Web Engineering

SSL Connection Setup

[Figure: message flow between Client (Browser) and Server. Labels in the figure: Session key, Server certificate, Client certificate, Server’s public key, Server’s private key, Digital envelope, Digital signature]

1. Client sends ClientHello message

2. Server acknowledges with ServerHello message

3. Server sends its certificate

(4. Server requests client’s certificate)

(5. Client sends its certificate)

6. Client sends “ClientKeyExchange” message

(7. Client sends a “Certificate Verify” message)

8. Both send “ChangeCipherSpec” messages

9. Both send “Finished” messages
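The cipher negotiation and the “Finished” comparison described in the SSL slides, as an added example that is not part of the original slides. The message encoding, the cipher preference order and the function names are assumptions of this example, and the digest is keyed with the session key (the slides say only “message digest”) so that whoever altered a message cannot recompute it.

```python
import hashlib
import hmac
import json

# Sample cipher names, strongest first; the ordering is an assumption of this example.
PREFERENCE = ["AES256-SHA", "AES128-SHA", "RC4-MD5"]

def encode(message):
    return json.dumps(message, sort_keys=True).encode()

def client_hello(ciphers):
    return encode({"type": "ClientHello", "version": "3.0", "ciphers": ciphers})

def server_hello(hello_bytes, server_ciphers):
    """Pick the strongest cipher both sides have in common."""
    offered = json.loads(hello_bytes)["ciphers"]
    common = [c for c in PREFERENCE if c in offered and c in server_ciphers]
    if not common:
        raise ValueError("no cipher in common")
    return encode({"type": "ServerHello", "session_id": "constructed-01",
                   "cipher": common[0]})

def finished(session_key, transcript):
    """Digest of every handshake message seen so far, keyed with the session key."""
    return hmac.new(session_key, b"".join(transcript), hashlib.sha256).digest()

def drop_strongest(hello_bytes):
    """Models interference: the ClientHello is altered between client and server."""
    message = json.loads(hello_bytes)
    message["ciphers"] = message["ciphers"][1:]
    return encode(message)

def run_handshake(in_transit=None):
    """Return (chosen cipher, whether the two Finished digests match)."""
    session_key = b"constructed session key"  # delivered in the digital envelope
    sent = client_hello(PREFERENCE)
    received = in_transit(sent) if in_transit else sent
    reply = server_hello(received, PREFERENCE)
    client_finished = finished(session_key, [sent, reply])      # what the client saw
    server_expected = finished(session_key, [received, reply])  # what the server saw
    chosen = json.loads(reply)["cipher"]
    return chosen, hmac.compare_digest(client_finished, server_expected)

if __name__ == "__main__":
    print(run_handshake())
    print(run_handshake(drop_strongest))
```

With the altered ClientHello the server still answers and picks a weaker cipher, but the two digests differ, so the handshake must be abandoned at the “Finished” step.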